HP Security Bulletin – A potential security vulnerability has been identified in the SFTP Server (sftp-server) component of SSH version 3.2.0 and earlier running on HP Tru64 UNIX. The vulnerability could be exploited by a remote user to execute arbitrary code or cause a Denial of Service (DoS). Yes, this is from 2006. Yes, HP is just notifying people now.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/64903/SSRT080011.txt
Source: https://packetstormsecurity.com/files/64903/HP-Security-Bulletin-2008-00.11.html